Dental Covid - 19 Orthodontic Covid - 19
Bank Cottage Dental 14 Castle Street, Thornbury, Bristol, BS35 1HB
Speak to us today on 01454 412053
I would like to
google icon2 instagram icon2 Reviews

Data Protection

  • Home
  • >
  • Data Protection

Data Protection and Information Security Policy

This practice is committed to complying with the Data Protection Act 2018, the General Data Protection Regulation (GDPR), GDC, NHS and other data protection requirements relating to our work. We only keep relevant information about employees for the purposes of employment and about patients to provide them with safe and appropriate health care.

All data protection and information security policies procedures and risk assessments are reviewed annually in iComply.

The person responsible for data protection and information security is the Information Governance Lead,is Dr Connor Hichens

Our lawful bases for processing your personal data are listed in our Privacy Notice .

The practice offers individuals real choice and control. Our consent procedures put individuals in charge to build patient trust and engagement. Our consent for marketing requires a positive opt-in, we don’t use pre-ticked boxes or any other method of default consent. We make it easy for people to withdraw consent, tell them how to and keep contemporaneous evidence of consent. Consent to marketing is never a precondition of a service.

Data protection officer (DPO)
[NHS practices: Our DPO is the Information Governance Lead, Dr Anshu Sood.

Pseudonymisation means transforming personal data so that it cannot be attributed to an individual unless there is additional information.

  • Pseudonymisation – the data can be tracked back to the original data subject
  • Anonymisation – that data cannot be tracked back to the original data subject

Examples of pseudonymisation we use are:

  • We never identify patients in research, patient feedback reports or other publicly available information
  • When we store and transmit electronic data it is encrypted and the encryption key is kept separate from the data

Data breaches
We report certain types of personal data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach results in a high risk of adversely affecting individuals’ rights and freedoms we also inform those individuals without undue delay. We keep contemporaneous records of any personal data breaches, whether or not we need to notify. For our data breach notification procedures see Information Governance Procedures .

Right to be informed
We provide ‘fair processing information’, through our Privacy Notice  and the Privacy Notice for Children which provide transparency about how we use personal data.


Your data rights
Right of Access
Individuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing. If an individual contacts the practice to access their data they will be provided with, as requested:

  • Confirmation that their data is being processed
  • Access to their personal data
  • Any other supplementary information about your rights as found below and in our Privacy Notices

Right to erasure
The right to erasure is also known as ‘the right to be forgotten’. The practice will delete personal data on request of an individual where there is no compelling reason for its continued processing. The right to erasure applies to individuals who are not patients at the practice. If the individual is or has been a patient, the clinical records will be retained according to the retention periods in Record Retention and after the periods stated can be deleted upon request.

Right of rectification
Individuals have the right to have personal data rectified if it is inaccurate or incomplete.

Right to restriction
Individuals have a right to ‘block’ or suppress the processing of their personal data. If requested we will store their personal data but stop processing it. We will retain just enough information about the individual to ensure that the restriction is respected in the future.

Right to object
Individuals have the right to object to direct marketing and processing for purposes of scientific research and statistics.

Data portability
An individual can request the practice to transfer their data in electronic or other format.

Privacy by design
We implement technical and organisational measures to integrate data protection into our processing activities. Our data protection and information governance management systems and procedures take Privacy by design as their core attribute to promote privacy and data compliance.

We keep records of processing activities for future reference.

Privacy impact assessment
To identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy we review our Privacy Impact Assessment annually in iComply using the Sensitive Information Map, PIA and Risk Assessment

Information security
Information Governance Procedures includes the following information security procedures:

  • Team members follow the ‘Staff Confidentiality Code of Conduct’, which clarifies their legal duty to maintain confidentiality, to protect personal information and provides guidance on how and when personal or special category data can be disclosed
  • How to manage a data breach, including reporting
  • A comprehensive set of procedures, risk assessments and activities to prevent the data we hold being accidentally or deliberately compromised and to respond to a breach in a timely manner
  • The requirements and responsibilities if team members use personal equipment such as computer, laptop, tablet or mobile phone for practice business

Regular review
This policy and the data protection and information governance procedures it relates to are reviewed annually with iComply.


Get in touch


As a person with a fear of dentists who had not visited one in 8 years I can honestly say Dentist Tim Lindop and Nurse Lisa made me feel at ease. They were friendly and professional and I cannot recommend them highly enough. Tim took the time to thoroughly explain to me what he was going to do before beginning which took a lot of my anxiety away. After explaining my concerns Tim was very patient and understanding and the injections I received were very gentle. Excellent dental practice with exceptional staff, I won't be going anywhere else in future.


Have a question?

facier thumb

Bridge2Aid - our chosen charity. How you can help.


Bank Cottage has supported Bridge 2 Aid charity for many years.  Bridge 2

Read More
facier thumb

Sharing is caring - let's work together to improve the future for our children!


Oral hygiene and dietary habits are established during childhood.  So with

Read More
facier thumb

Teamwork is how everyday people achieve remarkable goals


Bank Cottage are proud to work with CBC Dental Laboratory, which have been

Read More
facier thumb

Taking time to get back to basics


“After a certain high level of technical skill is achieved, science and art

Read More
facier thumb

Modern Dentistry Training


Tim attending one of his hands-on technical courses as part of a one year t

Read More
facier thumb

Fireman Sam in Thornbury?


The Bank Cottage team had an enjoyable and informative fire training update

Read More
facier thumb

"If you can dream it, you can do it!" - Walt Disney


Lisa was proud to receive her brown sash certificate from her inspirational

Read More
facier thumb

Helphomeless Bristol


Teresa and Lisa Perrin have volunteered to go on a rota every 6 weeks to pr

Read More